CompTIA CASP+ (CAS-003) — Question 275
A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. Authentication for one of the applications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause?
Answer options
- A. The application only supports SP-initiated authentication.
- B. The IdP only supports SAML 1.0.
- C. There is an SSL certificate mismatch between the IdP and the SaaS application.
- D. The user is not provisioned correctly on the IdP.
Correct answer: A
Explanation
The correct answer is A. The application supports only SP-initiated authentication, so the login flow must begin at the application itself rather than at the IdP; this is why having users browse to the application first corrects the issue. The other options are incorrect: the IdP supports SAML 2.0, there is no mention of SSL certificate issues, and a user provisioning issue would not specifically cause the authentication failure described.